AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


infoSec News Nuggets – March 5, 2019

Analysis of a command-and-control (C2) server awarded to researchers by law enforcement after seizure has provided valuable information on the threat actors behind a global hacking campaign. Dubbed "Operation Sharpshooter" by McAfee cybersecurity researchers, the campaign was first uncovered in December 2018. Operation Sharpshooter targets government departments, telecoms, energy, defense, and other organizations worldwide. The attack wave predominantly focuses on targets in the United States, but victims in areas including Russia, the UK, Australia, and other English-speaking countries have also been traced.


2 How to Outsmart the Most Common Money Scams

Financial scams are on the rise, according to the Federal Trade Commission’s annual Sentinel Data Book report—but there are some simple measures most people can take to avoid being played. Consumers reported nearly 3 million scams to the FTC in 2018, 48 percent of which were related to fraud of some kind. The top types of scams were: Imposter scams, such as catfishing, impersonating government employees or a close relative, etc.; Debt collection scams; and Identity theft. Telephone was the most common mode of communication the scammers used to get in touch with victims, while wire transfers were the top payment method for fraud. Here are some tips to avoid falling for a money-related scam in 2019.


3 Quadriga Crypto Mystery Deepens With ‘Cold Wallets’ Found Empty

When Quadriga Fintech Solutions Corp. founder Gerald Cotten died, account holders feared the encrypted access keys needed to recover C$190 million ($143 million) of cryptocurrencies held by the exchange in offline storage could be lost forever. It looks now like the storage Quadriga is known to have used — dubbed cold wallets — has been empty since April. This marks the latest twist for a Vancouver-based digital exchange that shuttered operations at the end of January, leaving 115,000 customers out-of-pocket for about C$260 million in cash and cryptocurrencies. The firm has been under court-approved creditor protection since Feb. 5 and Ernst & Young has been sorting through Quadriga’s dealings as a monitor under the process. The monitor’s latest report, released Friday, shows troublesome news.


4 Microsoft president says WA state privacy bill could impact facial recognition technology globally

Two of the top companies developing facial recognition software are in Washington state, where a bill that would regulate the technology is working its way through the legislature. Because Amazon and Microsoft would be regulated by the law, Microsoft President Brad Smith says its implications would impact billions of people living outside Washington’s borders. Microsoft and Amazon both highlight the benefits of the facial recognition technology they offer — from diagnosing disease to locating missing children. But they diverge when it comes to the controversy surrounding the technology. Amazon has come under fire from the ACLU and others worried facial recognition can amplify racial bias. The use of Amazon’s technology by law enforcement agencies rankles civil rights activists.


5 Facebook and Google unveil new efforts to tap into the 'unconnected' population

Facebook and Google both announced a host of partnerships aimed at making internet access globally ubiquitous at Mobile World Congress 2019 last week.  The companies' new partnerships support their respective connectivity initiatives: Facebook's Express Wi-Fi is aimed at providing affordable internet access to rural areas of developing markets through partnerships with mobile operators and internet service providers (ISPs), while Google Station works with partners to provide free Wi-Fi connections at railroads, universities, and other public areas. Approximately 4 billion people globally — or around half of the global population — are without internet access.


6 Hackers Sell Access to Bait-and-Switch Empire

Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S. consumers, including DMV and arrest records, genealogy reports, phone number lookups and people searches. In an ironic twist, the marketing empire that owns the hacked online properties appears to be run by a Canadian man who’s been sued for fraud by the U.S. Federal Trade Commission, Microsoft and Oprah Winfrey, to name a few. Earlier this week, a cybercriminal on a Dark Web forum posted an auction notice for access to a Web-based administrative panel for an unidentified “US Search center” that he claimed holds some four million customer records, including names, email addresses, passwords and phone numbers. The starting bid price for that auction was $800.


7 Northwestern Neuroscientist Researching Brain Chips To Make People Superintelligent

What if you could make money, or type something, just by thinking about it? It sounds like science fiction, but it might be close to reality. In as little as five years, super smart people could be walking down the street; men and women who’ve paid to increase their intelligence. Northwestern University neuroscientist and business professor Dr. Moran Cerf made that prediction, because he’s working on a smart chip for the brain. “Make it so that it has an internet connection, and goes to Wikipedia, and when I think this particular thought, it gives me the answer,” he said. Cerf is collaborating with Silicon Valley big wigs he’d rather not name.


8 Sony begins refunding Anthem purchases in light of “full power down” reports

After a weekend full of reports about Anthem woes on PS4, people who purchased the game on that console got a sliver of "good" news on Monday: you can probably get a no-questions-asked refund for your purchase if you ask Sony for it. The story begins with a scary "full" system crash mid-game, which doesn't just hard-lock the game or dump users into an error message and system menu. Instead, the crash completely powers down PS4 consoles, as if the power cord had been yanked out. That means a tap of the controller's "PS" button won't power the console back on. Once users press the system's power button, the PS4 reboots in a black, 480p-resolution screen to check for possible issues with corrupted memory. After that disk check, the console's menus remind users not to power down their systems in such an unsafe way.


9 Google drops macOS zero-day after Apple misses bug deadline

Google has publicly disclosed a zero-day flaw in Apple's macOS after the Cupertino mobe-maker failed to fix the security shortcoming within the ad giant's 90-day deadline. The vulnerability itself is relatively minor in terms of danger: it allows malware already running on your Mac, or a rogue logged-in user, to potentially escalate their privileges, and fully take over the computer, by secretly altering the contents of files on user-mounted disks without you noticing. Thus, to exploit the weakness, your computer already has to be compromised, which is pretty much game over for most folks. However, this is Google dropping a proof-of-concept exploit on a tech rival, and it's therefore caught everyone's attention.


10 Armor Games admits massive data breach

The videogame company Armor Games admitted that all of its users have been affected by a recent massive data breach; according to network security and ethical hacking specialists from the International Institute of Cyber Security, the compromised information is already on sale in some hacking forums on the dark web. As recently reported, other platforms such as MyHeritage, MyFitnessPal and the CoffeeMeetsBagel dating app were also affected by this massive data breach campaign. With regard to Armor Games, network security experts have found about 1.8 GB of information available in exchange for a payment of 0.27 Bitcoin, about $988 USD at the current exchange rate. The browser-based videogames company sent an email to its users to notify them of the situation, stating that the incident occurred in early 2019, although the notification was published until January 29.


11 Smart Ski Helmet Headphone Flaws Leak Personal, GPS Data

Researchers have found a slew of vulnerabilities in a pair of smart headphones designed to fit under ski helmets. The flaws could allow a bad actor to view victims’ personal information, track them and even listen to their private conversations via the headphones’ walkie-talkie function, which uses mobile data and a phone app. Researchers with Pen Test Partners discovered the rash of security flaws in Outdoor Tech CHIPS smart headphones. “We speculate that the development house wasn’t following OWASP [Open Web Application Security Project] secure development practices, and Outdoor Tech wasn’t sufficiently versed in security to query this,” Pen Test Partners researcher Alan Monie said in a Monday analysis. “A shame, as we really like the product, but its security is sorely lacking. Even intended functionality leaks personally identifiable information (PII). That’s crazy.”


12 House Probes Cambridge Analytica on Russia and WikiLeaks

As part of a sweeping new investigation into what it calls "obstruction of justice, public corruption, and other abuses of power by President Trump," the House Judiciary Committee sent document requests to 81 people and organizations on Monday.  Sprinkled among those names are also key players from President Trump's 2016 digital team, including his former digital director and current campaign manager, Brad Parscale, as well as several former executives of Cambridge Analytica, the now defunct consulting company, including former CEO Alexander Nix, former business development director Brittany Kaiser, and Julian Wheatland, director of Cambridge Analytica's parent company, SCL Group. The inclusion of these individuals and the questions asked of them suggest the committee's keen interest in digging for connections between the Trump campaign, Russia, and WikiLeaks, which published Democratic emails that were hacked by Russian state actors during the 2016 election.


13 Virtual Case Notes: You Have the Suspect’s Phone. It’s Soaked in Drain Cleaner. Now What?

If you think about the things you wouldn’t want to happen to your own phone, you might think drenching it in vegetable oil, diesel fuel, or certainly drain cleaner would be sufficient in damaging it beyond repair. But as shown by research funded by the U.S. Department of Homeland Security, Science and Technology Directorate, conducted by VTO Labs, and presented at the 71st Scientific Meeting of the American Academy of Forensic Sciences last week, digital evidence can be surprisingly resilient, and digital forensics practitioners equipped with the right tools and knowledge can still pull something valuable from the mangled shell of a damaged smartphone. After submerging 49 phones of the same model and OS in a variety of oil-based, flammable and clandestine chemical liquids for seven days, the VTO Labs team, which included interns from Marshall University’s Forensic Science Graduate Program, found that a full forensic image could still be extracted from all of them—even when circuit board components were severely corroded.


14 Google disables Android TV photo sharing for all users after account privacy issue

Google has shut down Google Photos sharing to Android TV devices today after a bug was discovered that revealed hundreds of user accounts to other users. Until the bug is resolved, Android TV owners won’t be able to set Google Photo albums as their screensaver or view pictures with Google Assistant on their set-top devices or smart TVs, as reported by Android Police. The bug was first spotted by Twitter user Prashanth who noticed that, while trying to set up a screensaver on a Vu brand TV, they could view hundreds of other Google accounts, a bug that was replicated by user Aarjith Nandakumar on his iFFalcon smart TV. It’s not entirely clear what caused the bug. Prashanth notes that they couldn’t replicate the bug on another Android TV device (a Xiaomi Mi Box 3), and now that Google has temporarily blocked the feature on its end, it’s difficult to see how widespread the problem is.


15 This web tool could be another step toward killing passwords for good

Today’s W3C announcement builds on the unveiling last year of WebAuthn — short for Web Authentication — and notes that it’s now an official web standard. It works as a password-free authentication mechanism that lets users forgo passwords in favor of an authenticator like a biometric ID to register and authenticate themselves on websites as well as in mobile apps. Per the W3C, WebAuthn is already supported by major browsers like Chrome, Firefox, Safari and Edge, and today’s announcement should help spur its wider usage across the web as a whole. As part of today’s announcement, Microsoft vice president for program management in the company’s identity division Alex Simons said that this work has been a “critical piece” of Microsoft’s commitment to a password-free world. “Today,” he said, “Windows 10 with Microsoft Edge fully supports the WebAuthn standard, and millions of users can log in to their Microsoft account without using a password.”
